$mv = move_uploaded_file($_FILES['attachment']['tmp_name'], $newfilename);
if (!$mv) {
$sql = "DELETE FROM `{$dbUpdates}` WHERE id='{$updateid}'";
mysql_query($sql);
if (mysql_error()) {
trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
}
trigger_error('!Error: Problem moving attachment from temp directory to: ' . $newfilename, E_USER_WARNING);
}
// Check file size before attaching
if ($_FILES['attachment']['size'] > $att_max_filesize) {
trigger_error('User Error: Attachment too large or file upload error - size:', $_FILES['attachment']['size'], E_USER_WARNING);
// throwing an error isn't the nicest thing to do for the user but there seems to be no guaranteed
// way of checking file sizes at the client end before the attachment is uploaded. - INL
}
$filename = cleanvar($_FILES['attachment']['name']);
if ($cust_vis == 'yes') {
$category = 'public';
} else {
$category = 'private';
}
}
//create link
$sql = "INSERT INTO `{$dbLinks}`(linktype, origcolref, linkcolref, direction, userid) ";
$sql .= "VALUES(5, '{$updateid}', '{$fileid}', 'left', '{$sit[2]}')";
mysql_query($sql);
if (mysql_error()) {
trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
}
$sql = "UPDATE `{$dbIncidents}` SET status='{$newstatus}', priority='{$newpriority}', lastupdated='{$now}', timeofnextaction='{$timeofnextaction}' WHERE id='{$id}'";
mysql_query($sql);
return $html;
}
$title = $strEditFeedbackQuestion;
$qid = cleanvar($_REQUEST['qid']);
$fid = cleanvar($_REQUEST['fid']);
$action = cleanvar($_REQUEST['action']);
switch ($action) {
case 'save':
// External variables
$question = cleanvar($_POST['question']);
$questiontext = cleanvar($_POST['questiontext']);
$sectiontext = cleanvar($_POST['sectiontext']);
$taborder = cleanvar($_POST['taborder']);
$type = cleanvar($_POST['type']);
$required = cleanvar($_POST['required']);
$options = cleanvar($_POST['options']);
$sql = "UPDATE `{$dbFeedbackQuestions}` SET ";
$sql .= "question='{$question}', ";
$sql .= "questiontext='{$questiontext}', ";
$sql .= "sectiontext='{$sectiontext}', ";
$sql .= "taborder='{$taborder}', ";
$sql .= "type='{$type}', ";
$sql .= "required='{$required}', ";
$sql .= "options='{$options}' ";
$sql .= "WHERE id='{$qid}' LIMIT 1";
mysql_query($sql);
if (mysql_error()) {
trigger_error("MySQL Error: " . mysql_error(), E_USER_ERROR);
}
header("Location: feedback_form_edit.php?formid={$fid}");
exit;
// create Session instance
$ses->sesStart('install_echelon');
// start session (name 'echelon', 0 => session cookie, path is echelon path so no access allowed oustide echelon path is allowed)
if ($_GET['t'] == 'install') {
## find the Echelon directory ##
$install_dir = $_SERVER['SCRIPT_NAME'];
$echelon_dir = preg_replace('#install/index.php#', '', $install_dir);
## Create an Echelon salt
$ech_salt = genSalt(16);
$ses_salt = randPass(6);
## Get the form information ##
$email = cleanvar($_POST['email']);
$db_host = cleanvar($_POST['db-host']);
$db_user = cleanvar($_POST['db-user']);
$db_pass = cleanvar($_POST['db-pass']);
$db_name = cleanvar($_POST['db-name']);
emptyInput($email, 'your email address');
emptyInput($db_host, 'your email address');
emptyInput($db_host, 'database hostname');
emptyInput($db_user, 'database username');
emptyInput($db_name, 'database name');
// check the new email address is a valid email address
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
sendBack('That email is not valid');
}
## test connection is to the Db works ##
define("DBL_HOSTNAME", $db_host);
// hostname of where the server is located
define("DBL_USERNAME", $db_user);
// username that can connect to that DB
define("DBL_PASSWORD", $db_pass);
} else {
$shade = 'shade2';
}
}
echo "</table>";
echo "<p align='center'>{$strUsersBoldSkills}.</p>";
} else {
trigger_error('User input error: ' . $error_string, E_USER_ERROR);
}
}
include APPLICATION_INCPATH . 'htmlfooter.inc.php';
} elseif ($action == 'reassign') {
// External variables
$incidentid = cleanvar($_REQUEST['incidentid']);
$uid = cleanvar($_REQUEST['userid']);
$nextaction = cleanvar($_REQUST['nextaction']);
include APPLICATION_INCPATH . 'htmlheader.inc.php';
echo "<h2>{$strIncidentAdded} - {$strSummary}</h2>";
echo "<p align='center'>";
$incidentnum = "<a href=\"javascript:incident_details_window('{$incidentid}','incident{$incidentid}');\">{$strIncident} {$incidentid}</a>";
$queuename = "<strong style='color: red'>{$strActionNeeded}</strong>";
$name = user_realname($uid);
printf($strHasBeenAutoMovedToX, $incidentnum, $name, $queuename);
echo help_link('AutoAssignIncidents') . "</p><br /><br />";
$userphone = user_phone($userid);
if ($userphone != '') {
echo "<p align='center'>{$strTelephone}: {$userphone}</p>";
}
$sql = "UPDATE `{$dbIncidents}` SET owner='{$uid}', lastupdated='{$now}' WHERE id='{$incidentid}'";
mysql_query($sql);
if (mysql_error()) {
echo "<input type='submit' value='Save / Display' />";
}
echo "</div>";
echo "</form>\n";
} elseif ($_REQUEST['mode'] == "save") {
$badchars = array('.', '/', '\\');
$lang = cleanvar($_REQUEST['lang']);
$lang = str_replace($badchars, '', $lang);
$origcount = cleanvar($_REQUEST['origcount']);
$i18nalphabet = cleanvar($_REQUEST['i18nalphabet'], TRUE, FALSE);
$filename = "{$lang}.inc.php";
echo "<p>Send Translation, <code>{$filename}</code>", "<code>i18n</code>", "<a href='mailto:sitracker-devel-discuss@lists.sourceforge.net'>sitracker-devel-discuss@lists.sourceforge.net</a> </p>";
$i18nfile = '';
$i18nfile .= "<?php\n";
foreach ($_REQUEST['meta'] as $meta) {
$meta = cleanvar($meta);
$i18nfile .= "// {$meta}\n";
}
$i18nfile .= "\n";
$i18nfile .= "\$languagestring = '{$languages[$lang]} ({$lang})';\n";
$i18nfile .= "\$i18ncharset = 'UTF-8';\n\n";
if (!empty($i18nalphabet)) {
$i18nfile .= "// List of letters of the alphabet for this language\n";
$i18nfile .= "// in standard alphabetical order (upper case, where applicable)\n";
$i18nfile .= "\$i18nAlphabet = '{$i18nalphabet}';\n\n";
}
$i18nfile .= "// list of strings (Alphabetical by key)\n";
$lastchar = '';
$translatedcount = 0;
foreach (array_keys($_POST) as $key) {
if (!empty($_POST[$key]) and substr($key, 0, 3) == "str") {
require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';
// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';
$title = $strAddLink;
// External variables
$action = $_REQUEST['action'];
$origtab = cleanvar($_REQUEST['origtab']);
$origref = cleanvar($_REQUEST['origref']);
$linkref = cleanvar($_REQUEST['linkref']);
$linktypeid = cleanvar($_REQUEST['linktype']);
$direction = cleanvar($_REQUEST['dir']);
if ($direction == '') {
$direction = 'lr';
}
$redirect = cleanvar($_REQUEST['redirect']);
switch ($action) {
case 'addlink':
// Insert the link
if ($direction == 'lr') {
$sql = "INSERT INTO `{$dbLinks}` ";
}
$sql .= "(linktype, origcolref, linkcolref, userid) ";
$sql .= "VALUES ('{$linktypeid}', '{$origref}', '{$linkref}', '{$sit[2]}')";
mysql_query($sql);
if (mysql_error()) {
trigger_error(mysql_error(), E_USER_ERROR);
}
html_redirect($redirect);
break;
case '':
## Type of ban and get and set vars ##
$pb_ban = cleanvar($_POST['pb']);
if ($pb_ban == 'on') {
$is_pb_ban = true;
} else {
$is_pb_ban = false;
$duration_form = cleanvar($_POST['duration']);
$time = cleanvar($_POST['time']);
emptyInput($time, 'time frame');
emptyInput($duration_form, 'penalty duration');
}
$reason = cleanvar($_POST['reason']);
$client_id = cleanvar($_POST['cid']);
$pbid = cleanvar($_POST['c-pbid']);
$c_name = cleanvar($_POST['c-name']);
$c_ip = cleanvar($_POST['c-ip']);
// check for empty reason
emptyInput($reason, 'ban reason');
## Check sent client_id is a number ##
if (!isID($client_id)) {
sendBack('Invalid data sent, ban not added');
}
## Sort out some ban information
if ($is_pb_ban) {
// if the ban is perma ban
$type = 'Ban';
$time_expire = '-1';
$duration = 0;
} else {
$type = 'TempBan';
// NOTE: the duration in the DB is done in MINUTES and the time_expire is written in unix timestamp (in seconds)
require 'inc.php';
if ($mem->loggedIn()) {
// if logged don't allow the user to register
set_error('Logged in users cannot register');
sendHome();
// send to the index/home page
}
if (!isset($_REQUEST['key'])) {
// if key does not exists
$step = 1;
// the user must input a matching key and email address
} else {
// if key is sent
// clean vars of unwanted materials
$key = cleanvar($_REQUEST['key']);
$email = cleanvar($_REQUEST['email']);
// check the new email address is a valid email address
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
set_error('That email is not valid 9999999');
}
// query db to see if key and email are valid
$valid_key = $dbl->verifyRegKey($key, $email, $key_expire);
if ($valid_key == true) {
// if the key sent is a valid one
$step = 2;
} else {
$step = 1;
set_error('The key or email you submitted are not valid.');
}
}
// basic page setup
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Author: Paul Heaney <paulheaney[at]users.sourceforge.net>
$permission = 0;
// not required
require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';
// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';
$legacy = cleanvar($_REQUEST['legacy']);
$groupid = cleanvar($_REQUEST['gid']);
// By default show users in home group
if ($groupid == 'all') {
$filtergroup = 'all';
} elseif ($groupid == '') {
$filtergroup = $_SESSION['groupid'];
} else {
$filtergroup = $groupid;
}
$title = $strSkillsMatrix;
include APPLICATION_INCPATH . 'htmlheader.inc.php';
echo "<h2>" . icon('skill', 32) . " ";
echo "{$title}</h2>";
echo "<p align='center'>{$strDisplay}: ";
if (empty($legacy)) {
echo "<a href='{$_SERVER['PHP_SELF']}?legacy=yes&gid={$groupid}'>{$strAll}</a>";
echo date_picker('addsoftware.lifetime_end');
echo "</td></tr>\n";
echo "<tr><th>{$strTags}:</th>";
echo "<td><textarea rows='2' cols='30' name='tags'></textarea></td></tr>\n";
echo "</table>";
echo "<p align='center'><input name='submit' type='submit' value='{$strAddSkill}' /></p>";
echo "<p class='warning'>{$strAvoidDupes}</p>";
echo "</form>\n";
echo "<p align='center'><a href='products.php'>{$strReturnWithoutSaving}</a></p>";
include APPLICATION_INCPATH . 'htmlfooter.inc.php';
$_SESSION['formdata']['add_software'] = NULL;
} else {
// External variables
$name = cleanvar($_REQUEST['name']);
$tags = cleanvar($_REQUEST['tags']);
$vendor = cleanvar($_REQUEST['vendor']);
if (!empty($_REQUEST['lifetime_start'])) {
$lifetime_start = date('Y-m-d', strtotime($_REQUEST['lifetime_start']));
} else {
$lifetime_start = '';
}
if (!empty($_REQUEST['lifetime_end'])) {
$lifetime_end = date('Y-m-d', strtotime($_REQUEST['lifetime_end']));
} else {
$lifetime_end = '';
}
$_SESSION['formdata']['add_software'] = $_REQUEST;
// Add new
$errors = 0;
// check for blank name
if ($name == '') {
$longdescription = cleanvar($_REQUEST['longdescription']);
$fileversion = cleanvar($_REQUEST['fileversion']);
$expirytype = cleanvar($_REQUEST['expiry_none']);
if ($expirytype == 'time') {
$days = cleanvar($_REQUEST['expiry_days']);
$hours = cleanvar($_REQUEST['expiry_hours']);
$minutes = cleanva($_REQUEST['expiry_minutes']);
if ($days < 1 && $hours < 1 && $minutes < 1) {
$expirydate = 0;
} else {
$expirydate = calculate_time_of_next_action($days, $hours, $minutes);
}
} elseif ($expirytype == 'date') {
$day = cleanvar($_REQUEST['day']);
$month = cleanvar($_REQUEST['month']);
$year = cleanvar($_REQUEST['year']);
$date = explode("-", $date);
$expirydate = mktime(0, 0, 0, $month, $day, $year);
} else {
$expirydate = 0;
}
// receive the uploaded file to a temp directory on the local server
if ($_FILES['file']['error'] != '' and $_FILES['file']['error'] != UPLOAD_ERR_OK) {
echo get_file_upload_error_message($_FILES['file']['error'], $_FILES['file']['name']);
} else {
$filepath = $CONFIG['attachment_fspath'] . $file_name;
$mv = move_uploaded_file($_FILES['file']['tmp_name'], $filepath);
if (!mv) {
trigger_error("Problem moving uploaded file from temp directory: {$filepath}", E_USER_WARNING);
}
if (!file_exists($filepath)) {
break;
case 'storedashboard':
$id = $_REQUEST['id'];
$val = $_REQUEST['val'];
if ($id == $_SESSION['userid']) {
//check you're changing your own
$sql = "UPDATE `{$dbUsers}` SET dashboard = '{$val}' WHERE id = '{$id}'";
$contactresult = mysql_query($sql);
if (mysql_error()) {
trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
}
}
break;
case 'checkldap':
$ldap_host = cleanvar($_REQUEST['ldap_host']);
$ldap_port = cleanvar($_REQUEST['ldap_port']);
$ldap_protocol = cleanvar($_REQUEST['ldap_protocol']);
$ldap_security = cleanvar($_REQUEST['ldap_security']);
$ldap_user = cleanvar($_REQUEST['ldap_bind_user']);
$ldap_password = cleanvar($_REQUEST['ldap_bind_pass']);
$r = ldapOpen($ldap_host, $ldap_port, $ldap_protocol, $ldap_security, $ldap_user, $ldap_password);
if ($r == -1) {
echo "0";
} else {
echo "1";
}
// Success
break;
default:
break;
}
echo $_SESSION['formdata']['add_product']['description'];
}
echo "</textarea>";
echo "</td></tr>";
echo "</table>\n";
echo "<p><input name='submit' type='submit' value='{$strAddProduct}' /></p>";
echo "<p class='warning'>{$strAvoidDupes}</p>";
echo "</form>\n";
echo "<p align='center'><a href='products.php'>{$strReturnWithoutSaving}</a></p>";
include APPLICATION_INCPATH . 'htmlfooter.inc.php';
clear_form_data('add_product');
} else {
// External variables
$name = cleanvar($_REQUEST['name']);
$vendor = cleanvar($_REQUEST['vendor']);
$description = cleanvar($_REQUEST['description']);
$_SESSION['formdata']['add_product'] = $_REQUEST;
// Add New
$errors = 0;
// check for blank name
if ($name == '') {
$errors++;
$_SESSION['formerrors']['add_product']['name'] = sprintf($strFieldMustNotBeBlank, $strProduct);
}
if ($vendor == '' or $vendor == "0") {
$errors++;
$_SESSION['formerrors']['add_product']['vendor'] = sprintf($strFieldMustNotBeBlank, $strVendor);
}
// add product if no errors
if ($errors == 0) {
$sql = "INSERT INTO `{$dbProducts}` (name, vendorid, description) VALUES ('{$name}', '{$vendor}', '{$description}')";
$id = cleanvar($_POST['id']);
$distribution = cleanvar($_POST['distribution']);
$solution = cleanvar($_POST['solution']);
$kbarticle = cleanvar($_POST['kbarticle']);
$kbtitle = cleanvar($_POST['kbtitle']);
$symptoms = cleanvar($_POST['symptoms']);
$cause = cleanvar($_POST['cause']);
$question = cleanvar($_POST['question']);
$answer = cleanvar($_POST['answer']);
$workaround = cleanvar($_POST['workaround']);
$status = cleanvar($_POST['status']);
$additional = cleanvar($_POST['additional']);
$references = cleanvar($_POST['references']);
$wait = cleanvar($_POST['wait']);
$send_email = cleanvar($_POST['send_email']);
$send_engineer_email = cleanvar($_POST['send_engineer_email']);
// Close the incident
$errors = 0;
echo "<script src='{$CONFIG['application_webpath']}scripts/webtrack.js' type='text/javascript'></script>\n";
// check for blank closing status field
if ($closingstatus == 0) {
$errors = 1;
$error_string = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strClosingStatus}'"), E_USER_ERROR);
}
if ($_REQUEST['summary'] == '' && $_REQUEST['solution'] == '') {
$errors = 1;
$error_string = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSummary}' / '{$strSolution}'"), E_USER_ERROR);
}
plugin_do('pre_incident_closing');
if ($errors == 0) {
$addition_errors = 0;
echo "<table class='vertical' align='center'>";
echo "<tr><th>{$strRole}</th><td>{$obj->id}</td></tr>";
echo "<tr><th>{$strName}</th><td><input type='text' name='rolename' id='rolename' value='{$obj->rolename}' /></td></tr>";
echo "<tr><th>{$strDescription}</th><td><textarea name='description' id='description' rows='5' cols='30'>{$obj->description}</textarea></td></tr>";
echo "</table>";
echo "<input type='hidden' name='roleid' id='roleid' value='{$roleid}' />";
echo "<p><input name='submit' type='submit' value='{$strEditRole}' /></p>";
echo "</form>";
} else {
echo "<p class='warning'>{$strNoRecords}</p>";
}
include APPLICATION_INCPATH . 'htmlfooter.inc.php';
} else {
$rolename = cleanvar($_REQUEST['rolename']);
$description = cleanvar($_REQUEST['description']);
$copyfrom = cleanvar($_REQUEST['copyfrom']);
$_SESSION['formdata']['role_edit'] = $_REQUEST;
if (empty($rolename)) {
$errors++;
$_SESSION['formerrors']['role_edit']['rolename'] = sprintf($strFieldMustNotBeBlank, $strName);
}
$sql = "SELECT * FROM `{$dbRoles}` WHERE rolename = '{$rolename}' AND id != {$roleid}";
$result = mysql_query($sql);
if (mysql_error()) {
trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($result) > 0) {
$errors++;
$_SESSION['formerrors']['role_edit']['duplicaterole'] = "{$strADuplicateAlreadyExists}</p>\n";
}
if ($errors == 0) {
if ($errors == 0) {
$sql = "UPDATE `{$dbVendors}` SET name = '{$vendorname}' WHERE id = '{$vendorid}'";
$result = mysql_query($sql);
if (mysql_error()) {
trigger_error(mysql_error(), E_USER_ERROR);
}
html_redirect("main.php");
} else {
include APPLICATION_INCPATH . 'htmlheader.inc.php';
echo $errors_string;
include APPLICATION_INCPATH . 'htmlfooter.inc.php';
}
break;
case 'edit':
$vendorid = cleanvar($_REQUEST['vendorid']);
$vendorname = cleanvar($_REQUEST['vendorname']);
include APPLICATION_INCPATH . 'htmlheader.inc.php';
echo "<h2>{$strEditVendor} {$vendorname}</h2>";
echo "<form action='{$_SERVER['PHP_SELF']}' name'editvendor'>";
echo "<table align='center'>";
echo "<tr><th>{$strVendorName}:</th><td><input maxlength='50' name='name' size='30' value='{$vendorname}'/></td></tr>";
echo "</table>";
echo "<input type='hidden' name='action' value='save' />";
echo "<input type='hidden' name='vendorid' value='{$vendorid}' />";
echo "<p align='center'><input name='submit' type='submit' value='{$strEditVendor}' /></p>";
echo "</form>";
include APPLICATION_INCPATH . 'htmlfooter.inc.php';
break;
default:
include APPLICATION_INCPATH . 'htmlheader.inc.php';
echo "<h2>{$strEditVendor}</h2>";
<tfoot>
<tr>
<th colspan="6"></th>
</tr>
</tfoot>
<tbody>
<?php
$counter = 1;
$keys_data = $dbl->getKeys($key_expire);
$num_rows = $keys_data['num_rows'];
if ($num_rows > 0) {
foreach ($keys_data['data'] as $reg_keys) {
// get data from query and loop
$reg_key = $reg_keys['reg_key'];
// the reg key
$comment = cleanvar($reg_keys['comment']);
// comment about key
$time_add = date($tformat, $reg_keys['time_add']);
$email = emailLink($reg_keys['email'], '');
$admin_link = echUserLink($reg_keys['admin_id'], $reg_keys['display']);
$alter = alter();
$token_keydel = genFormToken('keydel' . $reg_key);
if ($mem->id == $admin_id) {
// if the current user is the person who create the key allow the user to edit the key's comment
$edit_comment = '<img src="" alt="[Edit]" title="Edit this comment" class="edit-key-comment" />';
} else {
$edit_comment = '';
}
// setup heredoc (table data)
$data = <<<EOD
\t\t\t<tr class="{$alter}">
require APPLICATION_LIBPATH . 'functions.inc.php';
// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';
// Don't return more than this number of results
$maxresults = 1000;
// External variables
$search_title = cleanvar($_REQUEST['search_title']);
$search_id = cleanvar($_REQUEST['search_id']);
$search_externalid = cleanvar($_REQUEST['search_externalid']);
$search_contact = cleanvar($_REQUEST['search_contact']);
$search_servicelevel = cleanvar($_REQUEST['search_servicelevel']);
$search_details = cleanvar($_REQUEST['search_details']);
$search_range = cleanvar($_REQUEST['search_range']);
$search_date = cleanvar($_REQUEST['search_date']);
$search_user = cleanvar($_REQUEST['search_user']);
$action = cleanvar($_REQUEST['action']);
include APPLICATION_INCPATH . 'htmlheader.inc.php';
// show search incidents form
if (empty($action)) {
echo "<h2>" . icon('search', 32) . " ";
echo "{$strSearch} ({$strAdvanced})</h2>";
echo "<form action=\"{$_SERVER['PHP_SELF']}\" method='get'>";
echo "<table class='vertical'>";
echo "<tr><th colspan='2'>{$strIncidents}</th><tr>\n";
echo "<tr><th>{$strTitle}:</th><td><input maxlength='100' name='search_title' size='30' type='text' /></td></tr>\n";
echo "<tr><th>{$strIncident} ID:</th><td><input maxlength='100' name='search_id' size='30' type='text' /></td></tr>\n";
echo "<tr><th>{$strExternalID}:</th><td><input maxlength='100' name='search_externalid' size='30' type='text' /></td></tr>\n";
echo "<tr><th>{$strServiceLevel}:</th><td>" . serviceleveltag_drop_down('search_servicelevel', 0, TRUE) . "</td></tr>\n";
echo "<tr><th>{$strContact}:</th><td><input maxlength='100' name='search_contact' size='30' type='text' /></td></tr>\n";
echo "<tr><th>{$strPriority}:</th><td>" . priority_drop_down('search_priority', 0) . "</td></tr>\n";
echo "<tr><th>{$strProduct}:</th><td>" . product_drop_down('search_product', 0) . "</td></tr>\n";
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Author: Tom Gerrard <tom.gerrard[at]salfordsoftware.co.uk>
$permission = 27;
// View your calendar
require '..' . DIRECTORY_SEPARATOR . 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';
require APPLICATION_LIBPATH . 'auth.inc.php';
header('Content-Type: text/plain');
foreach (array('week', 'id') as $var) {
$var = cleanvar($_REQUEST['$var']);
eval("\${$var}={$var};");
}
$startdate = $week / 1000;
$enddate = $startdate + 86400 * 7;
// TODO: check for overlapping tasks and any other invalidness
$sql = "UPDATE `{$dbTasks}` SET completion = 1 ";
$sql .= "WHERE startdate >= '" . date("Y-m-d H:i:s", $startdate) . "' ";
$sql .= "AND enddate < '" . date("Y-m-d H:i:s", $enddate) . "' ";
$sql .= "AND completion = 0";
mysql_query($sql);
if (mysql_error()) {
trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
}
echo "OK";
// This is parsed later so don't internationalise
/**
* Returns the contents of an SLA target update, mostly for problem definition and action plan to pre-fill the close form
* @author Kieran Hogg
* @param $incidentid int The incident to get the update of
* @param $target string The SLA target, initialresponse, probdef etc
* @return string The updates of the message, stripped of line breaks
*/
function sla_target_content($incidentid, $target)
{
$rtn = '';
global $dbUpdates;
$incidentid = cleanvar($incidentid);
$target = cleanvar($target);
$sql = "SELECT bodytext FROM `{$dbUpdates}` ";
$sql .= "WHERE incidentid = '{$incidentid}' ";
$sql .= "AND sla = '{$target}' ";
$sql .= "ORDER BY timestamp DESC";
$result = mysql_query($sql);
if (mysql_error()) {
trigger_error(mysql_error(), E_USER_WARNING);
}
list($bodytext) = mysql_fetch_array($result);
$bodytext = str_replace("<hr>", "", $bodytext);
$rtn .= $bodytext;
return $rtn;
}
$engineerPeriod = cleanvar($_POST['engineerPeriod']);
$customerPeriod = cleanvar($_POST['customerPeriod']);
$timed = cleanvar($_POST['timed']);
$allow_reopen = cleanvar($_POST['allow_reopen']);
if ($allow_reopen != 'yes') {
$allow_reopen = 'no';
}
$limit = cleanvar($_POST['limit']);
if ($limit == '') {
$limit = 0;
}
if (empty($timed)) {
$timed = 'no';
$allow_reopen = 'yes';
}
$_SESSION['formdata']['add_servicelevel'] = cleanvar($_POST, TRUE, FALSE, FALSE, array("@"), array("'" => '"'));
// Check input
$errors = 0;
if (empty($tag)) {
$errors++;
$_SESSION['formerrors']['add_servicelevel']['tag'] = sprintf($strFieldMustNotBeBlank, $strTag);
}
if (empty($engineerPeriod) and $timed == 'yes') {
$errors++;
$_SESSION['formerrors']['add_servicelevel']['engineerPeriod'] = sprintf($strFieldMustNotBeBlank, $strBillingEngineerPeriod);
}
if (empty($customerPeriod) and $timed == 'yes') {
$errors++;
$_SESSION['formerrors']['add_servicelevel']['customerPeriod'] = sprintf($strFieldMustNotBeBlank, $strBillingCustomerPeriod);
}
if ($errors >= 1) {
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2000-2007 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Authors: Paul Heaney <paulheaney[at]users.sourceforge.net>
$permission = 73;
// Approve billable incidents
require 'core.php';
require_once APPLICATION_LIBPATH . 'functions.inc.php';
include_once APPLICATION_LIBPATH . 'billing.inc.php';
// This page requires authentication
require_once APPLICATION_LIBPATH . 'auth.inc.php';
$transactiond = cleanvar($_REQUEST['transactionid']);
$title = $strBilling;
include APPLICATION_INCPATH . 'htmlheader.inc.php';
$sql = "SELECT * FROM `{$GLOBALS['dbTransactions']}` WHERE transactionid = {$transactiond}";
$result = mysql_query($sql);
if (mysql_error()) {
trigger_error("Error getting transaction " . mysql_error());
}
if (mysql_num_rows($result) > 0) {
$obj = mysql_fetch_object($result);
if ($obj->transactionstatus == BILLING_AWAITINGAPPROVAL) {
// function update_contract_balance($contractid, $description, $amount, $serviceid='', $transactionid='', $totalunits=0, $totalbillableunits=0, $totalrefunds=0)
$r = update_contract_balance('', '', $obj->amount, $obj->serviceid, $obj->transactionid);
if ($r) {
html_redirect("billable_incidents.php", TRUE, "{$strTransactionApproved}");
} else {
$foc = 'no';
}
if ($billtype == 'billperunit') {
$incidentrate = 0;
} elseif ($billtype == 'billperincident') {
$unitrate = 0;
}
$allcontacts = 'no';
if ($contacts == 'amount') {
$numcontacts = cleanvar($_REQUEST['numcontacts']);
} elseif ($contacts == 'all') {
$allcontacts = 'yes';
}
$incident_pools = explode(',', "0,{$CONFIG['incident_pools']}");
$incident_quantity = $incident_pools[$_POST['incident_poolid']];
$_SESSION['formdata']['add_contract'] = cleanvar($_POST, TRUE, FALSE, FALSE, array("@"), array("'" => '"'));
// Add maintenance to database
$errors = 0;
// check for blank site
if ($site == 0) {
$errors++;
$_SESSION['formerrors']['add_contract']['site'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strSite}'"), E_USER_ERROR);
}
// check for blank product
if ($product == 0) {
$errors++;
$_SESSION['formerrors']['add_contract']['product'] = user_alert(sprintf($strFieldMustNotBeBlank, "'{$strProduct}'"), E_USER_ERROR);
}
// check for blank admin contact
if ($admincontact == 0) {
$errors++;
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Author: Ivan Lucas <ivanlucas[at]users.sourceforge.net>
$permission = 12;
// View Contacts
require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';
// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';
$title = $strBrowseContacts;
// External variables
$search_string = cleanvar($_REQUEST['search_string']);
$submit_value = cleanvar($_REQUEST['submit']);
$displayinactive = cleanvar($_REQUEST['displayinactive']);
if (empty($displayinactive)) {
$displayinactive = "false";
}
if ($submit_value == 'go') {
// build SQL
$sql = "SELECT * FROM `{$dbContacts}` ";
$search_string_len = strlen(utf8_decode($search_string));
if ($search_string != '*') {
$sql .= "WHERE ";
if ($search_string_len <= 6) {
$sql .= "id=('{$search_string}') OR ";
}
if ($search_string_len <= 2) {
$sql .= "SUBSTRING(surname,1,{$search_string_len})=('{$search_string}') ";
} else {
// unlock_update.php - Unlocks incident updates
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// This page is called from incident_html_top.inc.php
$permission = 42;
require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';
// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';
// External variables
$incomingid = cleanvar($_REQUEST['id']);
if (empty($incomingid)) {
trigger_error("Update ID was not set:{$updateid}", E_USER_WARNING);
}
$sql = "UPDATE `{$dbTempIncoming}` SET locked = NULL, lockeduntil = NULL ";
$sql .= "WHERE id='{$incomingid}' AND locked = '{$sit[2]}'";
$result = mysql_query($sql);
if (mysql_error()) {
trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
}
if (mysql_error()) {
trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
} else {
// FIXME Have temporarily disabled the inbox feature by removing it from the menu for v3.50 release
// header('Location: inbox.php');
header('Location: holding_queue.php');
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
$permission = 26;
// Help
require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';
$title = "Help";
// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';
// External variables
$id = cleanvar($_REQUEST['id']);
$title = $strHelp;
include APPLICATION_INCPATH . 'htmlheader.inc.php';
journal(CFG_LOGGING_MAX, 'Help Viewed', "Help document {$id} was viewed", CFG_JOURNAL_OTHER, $id);
echo "<h2>" . icon('help', 32, $strHelp) . " ";
if ($id > 0) {
echo permission_name($id) . ' ';
}
echo "{$strHelp}</h2>";
echo "<div id='help'>";
$helpfile = APPLICATION_HELPPATH . "{$_SESSION['lang']}" . DIRECTORY_SEPARATOR . "help.html";
if (!file_exists($helpfile)) {
$helpfile = APPLICATION_HELPPATH . "{$_SESSION['lang']}" . DIRECTORY_SEPARATOR . "en-GB/help.html";
}
if (file_exists($helpfile)) {
$helptext = file_get_contents($helpfile);
// This Page Is Valid XHTML 1.0 Transitional! 4Nov05
$permission = 22;
// administrate
require 'core.php';
require APPLICATION_LIBPATH . 'functions.inc.php';
$title = $strBrowseJournal;
// This page requires authentication
require APPLICATION_LIBPATH . 'auth.inc.php';
// External variables
$offset = cleanvar($_REQUEST['offset']);
$page = cleanvar($_REQUEST['page']);
$perpage = cleanvar($_REQUEST['perpage']);
$search_string = cleanvar($_REQUEST['search_string']);
$type = cleanvar($_REQUEST['type']);
$sort = cleanvar($_REQUEST['sort']);
$order = cleanvar($_REQUEST['order']);
if (empty($perpage)) {
$perpage = 30;
}
if (empty($page)) {
$page = 1;
}
if (empty($search_string)) {
$search_string = 'a';
}
include APPLICATION_INCPATH . 'htmlheader.inc.php';
echo "<h2>{$title}</h2>";
// Count number of journal records
$sql = "SELECT COUNT(id) FROM `{$dbJournal}`";
$result = mysql_query($sql);
list($totaljournals) = mysql_fetch_row($result);
$foc = 'no';
}
if ($editbilling == "true") {
$amount = cleanvar($_POST['amount']);
if ($amount == '') {
$amount = 0;
}
$unitrate = cleanvar($_POST['unitrate']);
if ($unitrate == '') {
$unitrate = 0;
}
$incidentrate = cleanvar($_POST['incidentrate']);
if ($incidentrate == '') {
$incidentrate = 0;
}
$billtype = cleanvar($_REQUEST['billtype']);
if ($billtype == 'billperunit') {
$incidentrate = 0;
} elseif ($billtype == 'billperincident') {
$unitrate = 0;
}
$updateBillingSQL = ", creditamount = '{$amount}', balance = '{$amount}', unitrate = '{$unitrate}', incidentrate = '{$incidentrate}' ";
}
if ($amount != $originalcredit) {
$adjust = $amount - $originalcredit;
update_contract_balance($contractid, "Credit adjusted to", $adjust, $serviceid);
}
$sql = "UPDATE `{$dbService}` SET startdate = '{$startdate}', enddate = '{$enddate}' {$updateBillingSQL}";
$sql .= ", notes = '{$notes}', foc = '{$foc}' WHERE serviceid = {$serviceid}";
mysql_query($sql);
if (mysql_error()) {
<?php
$auth_name = 'login';
require '../inc.php';
// set vars
$display = cleanvar($_POST['name']);
$email = cleanvar($_POST['email']);
$cur_pw = cleanvar($_POST['password']);
$change_pw = $_POST['change-pw'];
// password is being hashed no need to validate
if ($change_pw == 'on') {
// check to see if the password is to be changed
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if (!testPW($pass1)) {
sendBack('Your new password contains illegal characters: = \' " or space');
}
if ($pass1 != $pass2) {
// if the passwords don't match send them back
sendBack('The supplied passwords to do match');
}
emptyInput($pass1, 'your new password');
$is_change_pw = true;
// this is a change password request aswell
} else {
// this request requires no password change
$is_change_pw = false;
}
// check for empty inputs
emptyInput($display, 'display name');
emptyInput($email, 'email');
$auth_name = 'login';
$b3_conn = true;
// this page needs to connect to the B3 database
$pagination = false;
// this page requires the pagination part of the footer
$query_normal = false;
require 'inc.php';
if (!isset($_GET['pl']) || $_GET['pl'] == '') {
sendError('plug');
// send to error page with no plugin specified error
exit;
}
$plugin = addslashes(cleanvar($_GET['pl']));
$varible = NULL;
if (isset($_GET['v'])) {
$varible = cleanvar($_GET['v']);
}
$page = $plugin;
// name of the page is the plugin name
$Cplug = $plugins_class["{$plugin}"];
$page_title = $Cplug->getTitle();
// get the page title from the title of the plugin
$_SERVER['SCRIPT_NAME'] = $_SERVER['SCRIPT_NAME'] . '?pl=' . $_GET['pl'];
## Require Header ##
require 'inc/header.php';
if ($mem->reqLevel($Cplug->getPagePerm())) {
// name of the plugin is also the name of the premission associated with it
echo $Cplug->returnPage($varible);
}
// return the relevant page information for this plugin
require 'inc/footer.php';
